lab/sx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
sx/issues/0129-negated-error-binding-bitwise-not.md
agra a8fbded567 fix(0129): logical not is truthiness-aware, not a bit flip 
The unary .not arm emitted bool_not (LLVM bitwise Not) for every
operand. Correct on i1; on an error binding — an error-set value, u32
tag at the LLVM level — a bitwise not of a nonzero tag stays nonzero,
so 'if !e' held even on a SET error and its branch read the
uninitialized success value (real segfault in the distribution repo's
sqlite tests). Plain integers had the same hole ('!7' was '~7').

Now: bool keeps bool_not; integers and error-set operands lower as the
truthiness complement (cmp_eq against a typed zero); anything else is
diagnosed instead of silently bit-flipped.

Regression: examples/1057 (set error: !e must not hold; success: !e
holds with a real value; integer truthiness) + examples/1171 (!"text"
diagnosed); both FAIL pre-fix. zig build test 426/426;
tests/run_examples.sh 600/600.
2026-06-12 13:36:54 +03:00

69 lines
2.8 KiB
Markdown
Raw Permalink Blame History

# RESOLVED — 0129: `if !e` held on a SET error binding (logical not lowered bitwise)
> **RESOLVED** (2026-06-12). Root cause: the `.not` arm of unary
> lowering (src/ir/lower/expr.zig) emitted `bool_not` — LLVM's bitwise
> `Not` — for EVERY operand type. On a real `i1` bool that is logical
> not; on an error binding (an error-set value, a u32 tag at the LLVM
> level) a bitwise not of a nonzero tag is still nonzero, so the branch
> condition stayed truthy: `if e` and `if !e` BOTH held on a set error,
> and the `!e` branch read the uninitialized success value. Plain
> integers had the same hole (`!7` was `~7` — truthy). Fix: `!` is now
> truthiness-aware — bool keeps `bool_not`; integers and error-set
> values lower as the complement `operand == 0` (`cmp_eq` against a
> typed zero); any other operand type is DIAGNOSED ("'!' needs a bool,
> integer, or error operand") instead of silently bit-flipped.
> Regression tests: `examples/1057-errors-negated-error-binding.sx`
> (set error: `!e` must not hold; success: `!e` holds with a real
> value; `!7`/`!0` integer truthiness) and
> `examples/1171-diagnostics-logical-not-bad-operand.sx` (`!"text"`
> diagnosed); both FAIL on pre-fix master. Gates: zig build test
> 426/426, tests/run_examples.sh 600/600.
## Symptom
`if e { ... }` on an error binding from a value-carrying failable
correctly tests "error is set", but `if !e { ... }` evaluates TRUE even
when the error IS set — both branches run, and the success value read
in the `!e` branch is uninitialized garbage.
Hit in production: /Users/agra/projects/distribution
`tests/sqlite_api.sx` (2026-06-12) — a `close()` behind `if !ne`
segfaulted on a garbage handle. The interim workaround routed negated
error logic through a plain bool.
## Reproduction
```sx
#import "modules/std.sx";
E :: error { Boom }
f :: (fail: bool) -> (i64, !E) {
if fail { raise error.Boom; }
return 42;
}
main :: () -> i32 {
v, e := f(true);
if e { print("error set\n"); }
if !e { print("BUG: !e true on a set error (v={})\n", v); return 1; }
return 0;
}
```
Observed at master ba37d0b: prints both lines, v is garbage, exits 1.
Expected: prints only "error set", exits 0.
## Investigation prompt
Suspected area: the unary `.not` lowering in src/ir/lower/expr.zig —
it emits `bool_not` (src/backend/llvm/ops.zig `emitBoolNot`
`LLVMBuildNot`, a bitwise xor-with-all-ones) regardless of operand
type. Error bindings are error-set values backed by a u32 tag
(src/backend/llvm/types.zig lowers `.error_set` to i32), so `~tag` of
a set error is nonzero and the condition holds. Fix: make `!`
truthiness-aware (complement-of-zero for integer-backed operands), or
diagnose non-bool operands; silent wrong evaluation is the worst of
both. Verify with the repro plus an integer-truthiness case, and run
zig build test + tests/run_examples.sh.
Reference in New Issue View Git Blame Copy Permalink